Main Vulnerability Database Vulnerabilities #VU119029

#VU119029 Buffer over-read in Qualcomm products - CVE-2025-27064

Published: December 2, 2025

Vulnerability identifier: #VU119029

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-27064

CWE-ID: CWE-126

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FastConnect 6900
FastConnect 7800
Immersive Home 3210 Platform
Immersive Home 326 Platform
IPQ5300
IPQ5302
IPQ5312
IPQ5332
IPQ5424
IPQ9008
IPQ9048
IPQ9554
IPQ9570
IPQ9574
MDM9628
QAM8255P
QAM8650P
QCA0000
QCA6564A
QCA6564AU
QCA6574A
QCA6584AU
QCA6595AU
QCA6678AQ
QCA6688AQ
QCA6698AQ
QCA8075
QCA8080
QCA8081
QCA8082
QCA8084
QCA8085
QCA8101
QCA8102
QCA8111
QCA8112
QCA8384
QCA8385
QCA8386
QCA9367
QCF8000
QCF8001
QCN5124
QCN5224
QCN6402
QCN6412
QCN6422
QCN6432
QCN9000
QCN9012
QCN9024
QCN9074
QCN9160
QCN9274
QXM8083
SA4150P
SA4155P
SA7255P
SA8155P
SA8195P
SA8255P
SA8530P
SA8650P
Snapdragon 8 Gen 1 Mobile Platform
Snapdragon Auto 5G Modem-RF Gen 2
SXR2250P
WCD9380
WCN3660B
WCN3680B
WCN3980
WSA8830
WSA8835
QCA6574AU
QCA9377
SA6155P
SA8540P
SA9000P

Software vendor:
Qualcomm

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Core Services. A local application can read and manipulate data.

Remediation

Install security update from vendor's website.

External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2025-bulletin.html

#VU119029 Buffer over-read in Qualcomm products - CVE-2025-27064

Description

Remediation

External links

Please verify you're human